Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-42568 — Yamcs Vulnerable to LDAP Injection in LdapAuthModule

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-42305 — Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when clon…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2024-21944 — Intel Virtualization Technology DIMM SPD Information Disclosure and Memory Corruption

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of …

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-42563 — Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from th…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-42558 — Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in Data…

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe San…

| Cross-Site Scripting
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-46520 — ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of differ…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out …

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45664 — ImageMagick: Policy Bypass in MNG coder could

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possib…

| Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-46522 — ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file cou…

| Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45624 — ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45359 — ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45358 — ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bo…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-42326 — ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could …

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45031 — ImageMagick: Policy Bypass in PSD decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible…

| Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.8 HIGH
CVE-2026-2049 — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-46523 — ImageMagick: Use-After-Free in MSL decoder.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Version…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-46625 — JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute inj…

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the sour…

| Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45783 — libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mo…

| Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-46679 — libp2p: Memory DoS via subscription flood of unique topics

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j…

| Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.6 MEDIUM
CVE-2026-11604 — OpenVPN Kernel Memory Corruption and Denial of Service

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kern…

ovpn-dco-win | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.1 HIGH
CVE-2026-0274 — Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resource…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7403 Results